Security audit

Claude Code Memory Skill

Security checks across malware telemetry and agentic risk

Overview

This is a documentation-only memory workflow skill that openly stores repo-local agent notes, with privacy hygiene users should manage themselves.

Install only if you want agents to keep repo-local memory across sessions. Review .agent-memory/ content periodically, avoid storing secrets, credentials, health or financial details, and remove stale or overly personal notes.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (3)

Missing User Warnings

Medium
Confidence: 90%
Finding
The document explicitly recommends storing 'information about the user' in durable cross-session memory but provides no guidance on data minimization, consent, sensitivity classification, retention, or secrets handling. In a memory-management skill, this omission is material because it can normalize persistence of personal or sensitive data beyond the current task, increasing privacy, compliance, and accidental disclosure risk.

Ssd 3

Medium
Confidence: 90%
Finding
The README explicitly encourages retaining user-related and project-related facts across conversations, but it does not define sensitivity boundaries, consent requirements, retention limits, or exclusion categories. In a memory skill, this omission can lead agents or operators to persist personal, confidential, or otherwise unnecessary data indefinitely, creating privacy and data-minimization risks.

Ssd 3

Medium
Confidence: 87%
Finding
The examples normalize persistent 'user memory' by linking to durable user-profile artifacts without any nearby warning about sensitive-data handling. That makes unsafe persistence patterns easier to copy into real deployments, especially because README examples often serve as the primary implementation guide.

VirusTotal

64/64 vendors flagged this skill as clean.

Static analysis

No suspicious patterns detected.